Unified Capabilities (UC) Approved Products List (APL) Process … · 2014-10-25 · brochure claims. Partial test. Full test of interaction of features. Or incremental test/DTR if

© 2014 TASC, Inc. | Proprietary

Presented by Gordon Bradley October 8th, 2014

Unified Capabilities (UC) Approved Products List (APL) Process and Successes


2

Outline

UC Defined 03

Governance & Policies 04

Reference Architecture 06

UC Requirements (UCR) 07

APL Process 08

Testing Rules of Engagement (RoEs) 09

Distributed Testing 11

APL Successes 14


3

UC Objectives:

Migrate DoD to common,

converged IP-based

network services to achieve:

Integrated and interoperable

operations; and End-to-end

security.

UC Defined

UC Definition:

The integration of voice,

video, and/or data services

delivered ubiquitously across

an interoperable, secure,

and highly available

Internet Protocol (IP)

network infrastructure,

independent of technology,

to provide increased mission

effectiveness to the

warfighter.


4

UC Governance

DoDI 8100.04 DoD UC

UC Requirements

(UCR)

UC Master Plan (UC MP)

DoD CIO

Joint Staff Implementation Guidance

DISA Planning

DoD Component Network Implementation

CJCSI 6211.02D

UC Steering Group UC Industry Advisory Board

Approved Products List UC Implementation Plans

DISA GIG Convergence Master Plan

DISA Campaign Plan

DISN Technical Evolution Plan

UC Implementation

Plans

UC Network Cutover

Plans


5

Version 1.0

UC Policy Documents DoDI 8100.04.

‒ DoD Unified Capabilities (UC). ‒ Signed 9 December 2010. ‒ Addresses Distributed Testing and UC Test

Requirements

UC Master Plan (UCMP). ‒ UC MP includes DoD-wide UC migration planning and

investment guidance. ‒ Provides a UC architecture, a mitigation plan for

security risks, and resource requirements for meeting the UC migration strategy.

UC Process Guide. ‒ This document defines the roles, responsibilities and

processes required to gain UC APL status for communications equipment to be connected to DoD Networks.

‒ Version 2.2, June 2014

October 2011

DoD Chief Information Officer

Department of Defense (DoD)

Unified Capabilities Master Plan (UC MP)


6

UC Reference Architecture UC Reference Architecture


7

UC Requirements (UCR)

Establish standards to develop unified capability solutions.

‒ Identifies only the minimum requirements and features to support UC Reference Architecture.

‒ Does not contain a complete set of specifications for commercial features that do not affect assured services.

Allows for standardized Unified Capabilities Test Plan (UC TP) for Interoperability (IO) and Information Assurance (IA) testing.

Facilitates collaborative development of Information Support Plans (ISPs).

Terminology. ‒ Required, Conditional, and Optional.

Requirement waivers. ‒ Only by DoD CIO.

Applicability. ‒ Based on submission date.

7 Version 1.0


8

The UC APL is the single authoritative source for certified UC products intended for use on DoD networks.

UC APL Tracking Number Assigned and Stakeholders Notified: Vendor, Sponsor, Test

Teams, DISA

Initial Contact Meeting (ICM) held to determine Testing

Center, Device Type, Applicable Requirements,

Business Model

IA/IO Tests Scheduled

Testing and Certification

IO Testing

JITC Issues IO Certification

Testing Setup

IA Testing

DISA CA or DoD Component DAAs Provide IA Approval

Product Placed on UC APL

Product Submitted for UC APL testing with

complete documentation per UC

APL Process Guide

UC APL Process


9

UC Test RoEs Services Prototype Pre-Production

Assured Services

Features (ASF)

Full test.

Or incremental test/Desk

Top Review (DTR) if based

on previously tested product.

Full test.

Or incremental test/DTR if

based on previously tested

product.

Non-ASF

(Affecting ASFs)

Partial test.

Full test of interaction of

features.



product.

No test. Vendor Letter of

Compliance (LoC) of vendor

tests of non-assured

services features meeting

brochure claims.

Partial test.


features.



product.

No test. Vendor LoC of

vendor tests of non-assured


brochure claims.

Non-ASF (Not

affecting ASFs)

Random test of potential

interactions.

Random test of potential

interactions.


10

UC Test RoEs (Cont’d) Services APL Ready Post APL

ASF

Full test.



product.

Full test for new software

versions or significant IA-affecting

hardware changes.

Or incremental test/DTR if based


Non-ASF

(Affecting ASFs)

Partial test.


features.



product.

No test. Vendor LoC of

vendor tests of non-assured


brochure claims.

Partial test.

Full test of interaction of features

for new software versions or

significant IA-affecting hardware

changes.

Or incremental test/DTR if based


No test. Vendor LoC of vendor

tests of non-assured services

features meeting brochure claims.

Non-ASF

(Not affecting ASFs)

No test.

Vendor LoC of vendor

tests of features meeting

brochure claims.

No test.

Vendor LoC of vendor tests of

features meeting brochure claims.


11

Distributed Testing Background

UC services provide increased mission effectiveness to the warfighter.

UC integrates standards-based communication and collaboration services.

A distributed test concept must be implemented for affordable, responsive, and efficient certification.

A cooperative effort by all DoD Components is required to achieve Distributed Testing.


12

Distributed Testing Precepts

Products tested only once to gain APL status.

JITC shall be the interoperability certification authority.

DoD Component Labs are the primary test lab for B/C/P/S and tactical systems.

DISA serves as UC IA Certification authority.

DSAWG acts as mediator to resolve enterprise IA issues.

DAAs act as site IA accreditation authority.

Component Labs/JITC develop test plans.

Results provided to JITC in prescribed format.

Each lab has its own business model.


13

Distributed Testing Precepts (cont’d)

DoD Component sponsor required for each product.

DoD Components use their lab as first choice.

DoD Components shall only use alternative labs due to lab capability, resource, or schedule limitations.

‒ The sponsors or vendors shall reimburse alternative labs for costs associated with UC tests conducted.

UC certification Office (UCCO) shall manage the UC distributed test and certification processes:

‒ Schedule coordination, vendor orientation, test status monitoring, results posting, UC APL maintenance, and UC test requirements and results adjudication.


14

UC Successes

UC Fee for Service (FFS) ‒ Vendor payment for testing services

Testing Reductions ‒ Use of Letters of Compliance (LoCs) and Vendor Self

Assessment Report (SAR) to reduce testing time

‒ Use of Desk Top Reviews (DTRs) for products on APL

Distributed Testing Facilities to increase testing capacity ‒ Army Technology Integration Center (TIC), Fort Huachuca

‒ Air Force Telecommunication Systems Security Assessment Program (TSSAP), San Antonio

‒ Navy Space and Naval Warfare Systems Command (SPAWAR), St. Julian's Creek


15

FFS

Commercial Companies deliver products to DoD with certificate of Interoperability and Security

7

Unified Communications Requirements (UCR) supports established policy that commercial products must be on the APL in order to meet DoDIN requirements

Today commercial companies pay JITC to be evaluated against their UCR category, it is a manual evaluation

JITC is supporting DoD CIO and DISA Network Services (NS) to further delineate “standards” and automate the evaluation.

Expansion efforts will soon include Enterprise, Cyber tools/sensors as well as cloud services

12 August 2014


16

Testing Reduction Estimations

Test Day Reductions

Reduction of 69%

Total Testing Reduction (FY13)


17

LoCs/SAR Impacts on Testing

17


18

DTR Impacts on Testing


19

Distributed Testing Success

19


Thank you For more information, contact

Gordon Bradley [email protected] (520) 538-5371

Or

Wayne Stark [email protected] (520) 538-4539

mailto:[email protected]

mailto:[email protected]


21

Acronym List ASF Assured Services Feature APL Approved Products List B/P/C/S Base/Post/Camp/Station CA Certification Authority CIO Chief Information Officer CJCSI Chairman of the Joint Chiefs of Staff

Instruction DAA Designated Approving Authority DCO Defense Collaboration Online DISA Defense Information Systems

Agency DISN Defense Information Systems

Network DODI DoD Instruction DSAWG Defense IA Security Working Group DTR Desk Top Review EI(s) End Instrument(s) GIG Global Information Grid IA Information Assurance IM Instant Messaging IO Interoperability IP Internet Protocol ISP Information Support Plan ISP Internet Service Provider JITC Joint Interoperability Test Command

LAN Local Area Network LoC Letter of Compliance MCEP Multi-Carrier Entry Point N-ASF Non- Assured Services Feature NetOps Network Operations PKI Public key Infrastructure PSTN Public Switched Telephone Network QoS Quality of Service RoEs Rules of Engagement SAR Self Assessment Report SBC Session Border Controller SC Session Controller SPAWAR Space and Naval Warfare Systems

Command SS Softswitch STEP Standardized Tactical Entry Point TIC Technology Integration Center TSSAP Telecommunication Systems

Security Assessment Program UC Unified Capabilities UCCO UC Certification Office UC MP UC Master Plan UCR UC Requirements UC TP UC Test Plan VVoIP Voice and Video over IP XMPP Extensible Messaging and Presence

Protocol